Azure Monitor Can Trigger Alerts Based on Data in an Azure Log Analytics Workspace: How?

Hello everyone, welcome to our new article. In this article, we will discuss the statement “Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace”.



The applications deployed on Azure are built on top of an architecture that is siloed and highly distinctive. Monitoring the applications and services is unavoidable if you want to maximize their availability, performance, reliability and usage.

Traditionally, Microsoft has always excelled at providing enterprise-grade platform services for running highly scalable and reliable applications. From a monitoring and management perspective, it does not have great stories to tell. Monitoring an Azure environment using the first-party tools can be a difficult task for even the most skilled and expert team because of its complex and overlapping offerings. In certain cases, more than one tool does the same job as others.

If you have tried to set up monitoring in the Azure portal, you may have faced a situation where tool A is required to monitor a resource R, but to do another monitoring activity on the same resource you would have to use tool B. This can certainly lead to user frustration.

What is Azure Monitoring?

Azure Monitor is a powerful reporting and analytics tool. It maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. Use it for insights into the behavior and running of your environment and applications. You can then respond proactively to faults in your system.

How does Azure Monitor work?

Azure Monitor receives data from target resources such as applications, operating systems, Azure resources, Azure subscriptions, and Azure tenants. The nature of the resource defines which data types are available. A data type will be a metric, a log, or both a metric and a log. This data can then be processed to perform various functions such as analysis, visualization, alerting, automation and integrations.

  • The metric-based data type consists of numerical, time-sensitive values that represent some aspect of the target resource.
  • The log-based data type is the querying of content data held in structured, record-based log files that are relevant to the target resource.

What are Metrics?

Metrics are measures of certain characteristics of a resource over a given period, for example CPU usage, disk IOPS, number of connections, and so on. They are usually real-time, and since they are stored as values with a regular collection interval, they are ideally suited to viewing as graphs that show results over time.

Metrics are numerical values that describe some aspect of a system at a point in time. Azure Monitor can capture metrics in near real time. Metrics are collected at regular intervals and are useful for alerting because of their frequent sampling. You can use a variety of algorithms to compare a metric with other metrics and observe trends over time.

Metrics are stored in a time-series database. This data store is best for analyzing time-stamped data. Metrics are suited to alerting and fast detection of issues. They can tell you about system performance. If needed, you can combine them with logs to identify the root cause of issues.

What are Logs?

Logs contain time-stamped information about changes made to resources. The kind of information recorded varies by log source. Log data is organized into records, with different sets of properties for each type of record. Logs can include numeric values, such as Azure Monitor metrics, but most include text data rather than numeric values.

The most common kind of log entry records an event. Events can occur sporadically rather than at fixed intervals or according to a schedule. Events are created by applications and services, which provide the context for the events. You can store metric data in logs to combine it with other monitoring data for analysis.

Azure Monitor stores log data in a Log Analytics workspace. Azure provides an analysis engine and a rich query language. The logs show the context of any issues and are useful for identifying root causes. Log data can be retrieved using its native query language, “Kusto Query Language” or KQL. Users can then use these queries to create useful visualizations that can be pinned to dashboards.

What type of data does Azure Monitor collect in an Azure Log Analytics workspace?

Azure Monitor can collect data from a range of sources. Users can consider monitoring data at different tiers across the application, any operating system, and the resources it depends on, including the platform itself. Azure Monitor collects data for each of the following tiers:


Application data: Data that relates to the custom application code. It is data about the performance and functionality of the code that you have written, regardless of its platform.

Operating system data: Data about the operating system on which the application is running, i.e., data from the Windows or Linux virtual machines that host your application. It can be running on Azure, another cloud, or on-premises.

Azure resource data: Data that relates to the operations of an Azure resource, such as a web application or a load balancer.

Azure subscription monitoring data: Data that relates to the subscription; it also includes data about Azure health and availability.

Azure tenant monitoring data: Data on Azure organization-level services, such as Azure Active Directory.

Since Azure Monitor is an automatic system, it begins collecting data from these sources as soon as you create Azure resources such as virtual machines and web applications. You can extend the data that Azure Monitor collects by:

  • Enabling diagnostics: For certain resources, such as Azure SQL Database, you get full information about a resource only after enabling diagnostic logging for it. You can use the Azure portal, the Azure CLI, or PowerShell to enable diagnostics.
  • Adding an agent: For virtual machines, you can install the Log Analytics agent and configure it to send data to a Log Analytics workspace. This agent increases the amount of information that is sent to Azure Monitor.

What kind of alerts can Azure Monitor trigger based on data in an Azure Log Analytics workspace?

Azure Monitor can trigger 3 types of alerts based on data in an Azure Log Analytics workspace:


Metric Alerts:

Metric alerts are used for regular threshold monitoring of Azure resources. Azure Monitor evaluates metric alert trigger conditions at regular intervals. When the evaluation is true, Azure Monitor sends a notification. Metric alerts are stateful, and Azure Monitor sends a notification only when the prerequisite conditions are met. Metric alerts are useful if, for example, you need to know when your server CPU usage is reaching a critical threshold of 90%. You can also be alerted when your database storage is getting too low, or when network latency is about to reach unacceptable levels.

Log Alerts:

Log alerts use log data to evaluate the rule logic and, if necessary, trigger an alert. This data can come from any Azure resource: server logs, application server logs, or application logs. By its nature, log data is historical, so its use is focused on analysis and trends. These kinds of logs can be used to assess whether any of your servers have exceeded their CPU usage by a given threshold during the last 30 minutes. Or you can evaluate response codes issued on your web application server just now.

Activity Log Alerts:

Activity log alerts notify you when a specific event happens on some Azure resource. For example, you can be notified when someone creates a new VM in a subscription. An activity log can also include alerts for Azure service health. Activity log alerts are designed to work with Azure resources. Typically, you create this kind of alert to receive notifications when specific changes occur on a resource within your Azure subscription.
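
If the activity log is also exported to a Log Analytics workspace (an assumption; this is done with a diagnostic setting on the subscription), the VM-creation case above can be written as a log query. The KQL below is an added example, not part of the original article, and the one-hour look-back is a constructed value:

```kusto
// Added example: who created or modified VMs recently, from the AzureActivity table.
// Assumes the subscription's activity log is being sent to this workspace.
AzureActivity
| where TimeGenerated > ago(1h)                       // look-back chosen for illustration
// virtualMachines/write covers both creation and updates of a VM
| where OperationNameValue =~ "Microsoft.Compute/virtualMachines/write"
| where ActivityStatusValue in~ ("Success", "Failure")
| summarize Attempts  = count(),
            Succeeded = countif(ActivityStatusValue =~ "Success"),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Resources = make_set(_ResourceId, 20)     // cap the list per caller
    by Caller, CallerIpAddress, SubscriptionId
| order by LastSeen desc
```

Each row is one caller and source address, which makes it easy to spot VM writes from an identity or location that does not normally deploy compute.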

How to enable Azure Monitor to trigger alerts based on data in an Azure Log Analytics workspace from alerts management?

Steps to follow in the Azure portal:

  • In the portal, select Monitor and, under the MONITOR section, choose Alerts.
  • Select the New Alert Rule option to configure a new alert in Azure.
  • The Create Alert section appears with three parts: Define alert condition, Define alert details, and Define action group.
  • Log Alerts: Once the appropriate resource is chosen, ensure Resource Type is an analytics source such as Log Analytics or Application Insights and the signal type is Log.
  • Log Alerts: Once chosen, the query for alerting can be entered in the Search Query field; if the query syntax is incorrect, the field shows errors in red.
  • Log Alerts: With the visualization in place, Alert Logic can be selected from the displayed options of Condition, Aggregation and finally Threshold.
  • As the second step, define a name for your alert in the Alert rule name field, along with a Description detailing specifics for the alert and a Severity value from the options provided.
  • As the third and final step, specify whether any Action Group should be triggered for the alert rule when the alert condition is met. You can choose any existing Action Group or create a new Action Group.
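
A query that could be entered in the Search Query field for the CPU case described under Log Alerts, as an added example that is not from the original article. It assumes the Log Analytics agent is sending processor counters to the workspace's Perf table; the 90% threshold and 30-minute window are the figures the article mentions, and the 5-minute bin is a constructed choice:

```kusto
// Added example: servers whose average CPU exceeded 90% in any 5-minute bin
// during the last 30 minutes. Assumes Perf counters are collected by the agent.
Perf
| where TimeGenerated > ago(30m)
| where ObjectName == "Processor"
    and CounterName == "% Processor Time"
    and InstanceName == "_Total"                      // whole machine, not per core
| summarize AvgCpu  = avg(CounterValue),
            MaxCpu  = max(CounterValue),
            Samples = count()
    by Computer, bin(TimeGenerated, 5m)
| where AvgCpu > 90
| project TimeGenerated, Computer,
          AvgCpu = round(AvgCpu, 1), MaxCpu = round(MaxCpu, 1), Samples
| order by TimeGenerated desc
```

With the threshold check inside the query, the alert logic only needs to fire when the query returns more than 0 rows; each row names a computer and the bin in which it breached the threshold.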

There is a popular question, “Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace”, and we have tried to cover the relevant points regarding it. We hope it helps you. Share your feedback with us, and please like and share the article.
